Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: adequate: privilege escalation via tty hijacking
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 29 Nov 2013 01:02:34 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/28/2013 04:41 AM, Salvatore Bonaccorso wrote:
Hi Kurt,

I would like to request a CVE for an issue with 'adequate':

http://bugs.debian.org/730691 (adequate: privilege escalation via
tty hijacking):

----cut---------cut---------cut---------cut---------cut---------cut-----


Package: adequate
Version: 0.4 Severity: serious Tags: security Justification: user
security hole

If root uses the --user option, then the user can hijack the tty
with the TIOCSTI ioctl.

This is similar to CVE-2005-4890.


Please use CVE-2013-6409 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSmEoZAAoJEBYNRVNeJnmTPY8P/0vsH+KVUmCJK5CVGDh2EkDX
GP8JoZjBzdaasyCK0QoNiNtkShrea4Uju6ngOFxMYJouo7xa29mZ4oTI71W+ehIA
ff6TlDPvbO17DcOwjR+FhhY2vCcbXU3sLyWZGAgbnQAW+GQbxcFyVVF/Ws00Ejc8
frS9pyvZVkmBJogoWnd2QR1FVRYBajizlJB9KSZMEjiVrPpUo5ARNxKUiRVHEv7n
glHKF82ZxqSDSNZ1QRhnNlcx7n14XrnhlUia0GsYqzF1hDLh/5M5RmU9dCayZOUe
noGrLLt3BA21hAIjQMSyURSklQgoQFThjsOynsA7XKu8j/uvCTU49lUClROf75/G
TmCGQKrzciheRRN/ezstb5GledYNRQtO+8ShcOHeKAaaQ3dMowy4xonSrVBxSw3s
1lXgtYE1oMPis25FaepSXydcSLU9DdPAujig+2m5v5Fv4t5u39QyKxZcOrkg4a9B
725mIr3yIkPWfr8ECSCOZqDeK6SOTy8578+jnlkrch1CQxrP21nNoO+cDYpaFmdF
wM9F3XQb8NOBfOd+gQMBxSBx62S9UHC+6/MzhKgnwzP1eZqojSEDgdWuX60Kt4LL
idKA5P+bz03nfdPcFTQXLqF9mtX8uvGtlsaKne5SvsBIoox/RQd1QNkxFXFM6f/h
Duy1GvBKmHcGYH32/vbA
=U2b4
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault